The purpose of this note is to apply the result of [9] to obtain an algorithm for counting 
points on curves over finite fields, for curves that belong to families. By a family of curves 
we mean curves that are specified by equations of the same form, in an ambient projective 
space of the same dimension, and have the same degree and genus. We will be more precise 
below. The algorithm will be polynomial time in the size of the finite field, with the degree 
of the polynomial depending on the family. 

The main result of [9] was the following generalization to Abelian varieties over finite 
fields of the algorithm of Schoof [10] for elliptic curves over finite fields. 

Theorem A. Let A be an Abelian variety over a finite field $\mathbf{F}_q$, given explicitly as
a projective variety with an explicit addition law. Then one can compute the characteristic
polynomial of the Frobenius endomorphism of A in time bounded by $B_1 (\log q)^{B_2}$, where
$B_1$, $B_2$ depend only on the embedding space dimension of A, the number of equations defining
A and the addition law, and their degrees. □

Let us remark at this point that the above is not a generalization of Schoof's result in
the strict sense: the elliptic curve case of the above does not reduce to Schoof's algorithm.
In particular, we require for input a more comprehensive description of the group law (see
[8, section 3]). The group law on an elliptic curve is traditionally specified by a set of
rational functions defined on an open subset of $E \times E$; another set of rational functions
gives the group law on the complement of that open set in $E \times E$. Such a specification
suffices for Schoof. We require that several such sets of rational functions be given, each
determining the group law on an open subset of $E \times E$, and such that these open subsets
cover $E \times E$. See Silverman [12, Remark 3.6.1] for a discussion of how to obtain further
charts of the addition law in the elliptic curve case.

In order to apply our algorithm to count points on curves over finite fields, we must 
first construct the Jacobian variety of the curve, and the group law upon it in the above 
sense. In the applications in [9], this was done following the construction of Chow [3]. 
Applying Chow's construction to a curve C defined over Q, one obtains in explicit form 
the Jacobian J. One can then obtain the Jacobian of the reduction of C modulo primes p 
(for almost all p) by reducing J. These reductions are all defined by equations of the same 
form. 

These applications were thus of the type considered here: the family of curves being 
the reductions mod p of a fixed curve over Q. They depended on the compatibility of 
Chow's construction with reduction. 

However, Chow's construction is also compatible with other specializations; the following
is a theorem of Igusa [7], who also analysed the situation in which the specialization
of the curve acquires some limited singularities. A still more general statement of the
universality of the Jacobian construction is due to Grothendieck [6]. A convenient reference
is Milne [8, section 8]. The statement below is sufficient for our purposes.

Theorem B. Let $C$ and $C'$ be two irreducible curves in $\mathbf{P}^n$ such that $C'$ is a
specialization of $C$ over $K$. Let $J$ and $J'$ be the completed generalized Jacobian varieties of $C$
and $C'$ respectively. Suppose that $C$ and $C'$ have the same arithmetic genus, and that the
same reference integer is used in the constructions of the Jacobian varieties. Then $J$ and
$J'$ have the same ambient space. If $C$ is nonsingular, and if $C'$ is either nonsingular or
has one and only one ordinary double point, then $J'$ is the unique specialization of $J$ over
the specialization $C \to C'$ with reference to $K$. □

To state a result on the form of the equations defining the Jacobian, we begin with a 
definition. 

Definition. A curve presentation is a finite collection of forms (in the variables $X_i$) in

$$\mathbf{Z}[a_1, \dots, a_m][X_0, \dots, X_n]$$

where the $a_j$ are indeterminates, with the property that if the $a_j$ are considered as
independent transcendental elements over Q, the projective algebraic set determined by the
forms is an absolutely irreducible nonsingular curve. We refer to the degree and genus of
this curve as the degree and genus of the presentation.

Remark. The restriction that the $a_j$ be independent indeterminates is not necessary. 
One can allow them to be connected by some arbitrary algebraic relations. This gives a 
family of curves corresponding to the points of some algebraic set, V, given as the zeros of 
an ideal A. The stated definition takes V to be affine m-space. 

If the ideal A is prime then we require that the curve determined by the forms over 
the field of fractions of $\mathbf{Z}[a_j]/A$ (that is, the generic point) be an absolutely irreducible 
non-singular curve. If V is reducible, we require the above at all constituent primes. For 
simplicity we will assume that our presentations are irreducible; reducible presentations 
can be dealt with by first finding (in a finite amount of time [11]) the constituent irreducible 
presentations. 

Associated with a curve presentation C is a finite collection $\Delta(C)$ of polynomials $\Delta_i$:

$$\Delta_i \in \mathbf{Z}[a_1, \dots, a_m],$$

with the following property: if the $a_j$ are specialized to values in an arbitrary field K, the
projective algebraic set determined by the forms of the presentation will be an irreducible
nonsingular curve, having the degree and genus of the presentation, except possibly when
the polynomials $\Delta_i$ all vanish. We call $\Delta(C)$ the discriminant of the presentation.

To build the identity element of the Jacobian variety we need some rational divisor 
on the curve presentation. The identity element will be a suitable multiple of this divisor. 
This should be specified as being a point (with coordinates in $\mathbf{Z}[a_1, \dots, a_m]$) in some fixed 
symmetric product of the curve presentation. For simplicity we will assume that it is given 
as the intersection of the curve with a hyperplane. 

Definition. A rational divisor presentation D associated to a curve presentation C is
a linear form in $\mathbf{Z}[a_1, \dots, a_m][X_0, \dots, X_n]$ with the property that when the $a_i$ are
considered as independent transcendental elements over Q, the hyperplane determined by the form
properly intersects the curve.






Associated with a curve presentation and a rational divisor presentation is a discriminant
$\Delta(C, D)$ with the property that when the $a_i$ are specialized to values in an arbitrary
field, the specialization of the hyperplane is a hyperplane (that is, not all the coefficients
vanish), and this hyperplane properly intersects the specialization of the curve, except
possibly when the polynomials comprising the discriminant all vanish.

Definition. An Abelian variety presentation A consists of the following. Let $a_j$ be
indeterminates.

1. A finite collection of forms $F_i(X)$ in $\mathbf{Z}[a_1, \dots, a_m][X_0, \dots, X_n]$;

2. A finite collection of n + 1-tuples of polynomials

$$G^{(r)}(X, Y), \quad r = 1, \dots, R,$$
$$G^{(r)}(X, Y) = \left(G^{(r)}_0(X, Y), \dots, G^{(r)}_n(X, Y)\right),$$

where $X = (X_0, \dots, X_n)$, $Y = (Y_0, \dots, Y_n)$ and the $G^{(r)}_i$ are homogeneous of the same
degree in each system of variables.

3. An n-tuple E of elements of $\mathbf{Z}[a_1, \dots, a_m]$, not all zero.

These objects should further have the property that when the $a_j$ are considered as
independent transcendental elements over Q, the forms $F_i$ determine a nonsingular variety
A, the n-tuple E a point of this variety, and the collection of n + 1-tuples $G^{(r)}$ a group law
$A \times A \to A$ with the point E as identity element. By this last condition we mean that
each n + 1-tuple should define the group law on an open subset of $A \times A$, and that these
open subsets should together cover $A \times A$.

Here again we will allow the $a_j$ to be connected by some algebraic relations. We will
insist that the corresponding ideal of relations be prime.

Associated with an Abelian variety presentation is a discriminant $\Delta(A)$ comprising
a finite number of polynomials in $\mathbf{Z}[a_1, \dots, a_m]$. It has the property that if the $a_j$ are
specialized to values in an arbitrary field, the corresponding algebraic set is an abelian
variety, with E a point of this variety, with group law determined by the forms $G^{(r)}$ in
the above sense, and with E as the identity element, except possibly when the constituent
polynomials of the discriminant all vanish.

Given two systems of polynomials $\Delta_1$ and $\Delta_2$, the product $\Delta_1 \Delta_2$ will denote the
system of generators for the product of the ideals. We can now state an equational version
of Chow's construction and Igusa's theorem.

Theorem C. Let C be a curve presentation, and D an associated rational divisor
presentation. Then we can construct an Abelian variety presentation J and a finite non-empty
collection of polynomials $\Delta^*$ with the following property. Let the $a_j$ be specialized
to values in an arbitrary field in such a way that the polynomials $\Delta^* \Delta(C) \Delta(C, D)$ do not
all vanish. Then the Abelian variety presentation determines the Jacobian variety of the
curve.

We call J the Jacobian presentation associated to the curve presentation C, and the
rational divisor presentation D. It is completely determined by the curve presentation,
the rational divisor presentation, and the choice of an auxiliary positive integer in the
construction. The discriminant $\Delta(J)$ thus divides $\Delta^* \Delta(C) \Delta(C, D)$.

Proof. Chow's construction obtains equations for the variety underlying the Jacobian,
and for the graph of the group law, in universal form for the presentation that
specialize whenever the curve and rational divisor specialize appropriately. We desire a
rational parametrization of this graph. Initially, we construct such a parametrization over
$\mathbf{Z}[a_j]$. The forms we construct will give a complete description of the group law on
$J \times J$ over $\mathbf{Q}(a_1, \dots, a_m)$ when the $a_j$ are taken to be independent transcendental elements;
it follows that the forms $G^{(r)}_i$ have no common zeros on $J \times J$. By the Nullstellensatz, the
ideal generated by the $G^{(r)}_i$ and the $F_i$ over $\mathbf{Z}[a_j]$ contains a non-zero element of $\mathbf{Z}[a_j]$;
moreover, by the elimination theorem, there are a finite number of elements of $\mathbf{Z}[a_j]$ whose
vanishing is a necessary and sufficient condition for the existence of a common zero (in
the $X_i$) of the $G^{(r)}_i$ and the $F_i$. This non-empty collection of non-zero polynomials gives the
additional discriminant $\Delta^*$ of the theorem. □

We thus have a presentation of the Jacobian that presents the Jacobian in a form
suitable for the application of theorem A, except on the zero set of $\Delta^*$, a lower dimensional
set. On the zero set of $\Delta^*$ (but outside that of $\Delta$) we have a presentation of the variety,
and the graph of the group law. We can determine ([11]) the associated primes of $\Delta^*$. On
each, we can consider the Abelian variety over the corresponding field of fractions, and
construct a parametrization of the graph of the group law. Repeating the argument of
the above proof, the forms we construct will continue to give a complete description of the
group law when specialized outside a set of lower dimension, determined by some resultant
system. In this way we can construct a finite number of Abelian variety presentations
and systems of discriminants such that, for any specialization of the curve and divisor,
outside their discriminants, one (at least) of the Abelian variety presentations will present
the Jacobian of the curve. (Since the irreducible components of a given algebraic set will
intersect, a given specialization of the $a_j$ might correspond to more than one of the Abelian
variety presentations.)

We thus conclude the following result. 

Theorem D. Let C be a curve presentation, and D an associated rational divisor
presentation. Let $\Delta$ be $\Delta(C) \Delta(C, D)$. Then we can construct a finite number of Abelian
variety presentations $J_1, \dots, J_r$, corresponding to prime ideals $A_i$ in $\mathbf{Z}[a_j]$, and with
discriminants $\Delta_i$, with the following property. Let the $a_j$ be specialized to values in any field
in such a way that the polynomials comprising $\Delta$ do not all vanish. Then one (at least)
of the Abelian variety presentations $J_i$ will have the property that the $a_j$ belong to the
corresponding set $V(A_i)$, and the polynomials comprising the corresponding discriminant $\Delta_i$
do not all vanish. Further, any of the presentations with the above property will determine
the Jacobian variety of the curve. □

Remark. Let us raise the question of whether the above stratification procedure is 
necessary: perhaps the kind of data we desire describing the group law can be obtained 
universally, but we do not see how to do this. 

More generally, suppose that V and W each represent smooth, complete varieties,
parametrized by points of another variety (outside some discriminant), and determined by
equations in a universal way. Suppose further that we have a universal presentation of
the graph of a morphism $V \to W$. Can we get a universal system of rational functions
determining this morphism?

If the discriminant of the original presentation of the curve is of codimension 1, one
might expect that the discriminant $\Delta^*$ already coincides with $\Delta$.

Let us now eliminate the divisor presentation from the data. Given a curve presentation,
we can find some rational divisor presentation that generically intersects the curve
properly. We now proceed by a similar process of stratification to determine divisors on
the lower dimensional presentations. We thus get a version of theorem D with no rational
divisor in the hypothesis.

Theorem E. Let C be a curve presentation with discriminant $\Delta$. Then we can
construct a finite number of Abelian variety presentations $J_1, \dots, J_s$, corresponding to
prime ideals $A_i$ in $\mathbf{Z}[a_j]$, and with discriminants $\Delta_i$, with the following property. Let the
$a_j$ be specialized to values in any field in such a way that the polynomials comprising $\Delta$
do not all vanish. Then one (at least) of the Abelian variety presentations $J_i$ will have the
property that the $a_j$ belong to the set corresponding to $A_i$, but not to the set corresponding to
$\Delta_i$. Further, any of the presentations with the above property will determine the Jacobian
variety of the curve. □

Combining with theorem A yields the following algorithm. 

Theorem F. Let C be a curve presentation of degree d and genus g. There exist positive
integers $B_1$, $B_2$, and a deterministic algorithm, depending only on the presentation,
with the following property. Let the $a_j$ be specialized to values in a finite field $\mathbf{F}_q$ such
that the polynomials comprising $\Delta(C)$ do not all vanish. Then the algorithm computes the
Zeta function of the curve over the finite field $\mathbf{F}_q$, and hence in particular the number of
rational points on the curve over $\mathbf{F}_q$ in time bounded by $B_1 (\log q)^{B_2}$. □

As an example of the above we will consider the hyperelliptic families

$$y^2 = f(x) = a_0 x^d + a_1 x^{d-1} + \cdots + a_d$$

where d > 3 is an integer. This is not a presentation according to our definition, since
the equation is not homogeneous, and the plane curve is singular (if d > 5). However,
a (completed) projective embedding is easily given, in universal form (see Silverman [11,
exercise 2.14]). The curve is nonsingular of degree d and genus g, where $d - 2 \le 2g < d$,
for a given specialization of the $a_j$ provided that the discriminant $\Delta(d)$ of the polynomial
$f(x)$ is non-vanishing. In this case a rational divisor presentation is easily found with
discriminant 1. Hence we obtain the following result.

Theorem G. Let d > 3 be an integer. There exist positive integers $B_1$, $B_2$, and a
deterministic algorithm, depending only on d, with the following property. Let $f(x)$ have
coefficients $a_j$ in a finite field $\mathbf{F}_q$, such that the discriminant $\Delta(d)$ does not vanish. Then
the algorithm computes the number of points on the corresponding hyperelliptic curve over
$\mathbf{F}_q$ in time bounded by $B_1 (\log q)^{B_2}$. □
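
Added example (not part of the original paper): the output described in Theorems F and G can be checked by exhaustive search on a small case. The Python code below takes a constructed genus 2 curve y^2 = x^5 + 2x + 1 over F_3, checks that the discriminant condition holds, counts points over F_3 and F_9 by brute force (time exponential in log q, unlike the algorithm of the theorem), forms the numerator of the Zeta function, and predicts the count over F_27. The sample curve, the moduli defining the extension fields and all function names are assumptions of this example.

```python
# Added example, not from the paper: a brute-force (exponential in log q) check
# of the output Theorem G describes, on one constructed genus-2 curve over F_3.
from itertools import product

P = 3                          # constructed sample field F_3
F = [1, 0, 0, 0, 2, 1]         # a_0..a_d of f(x) = x^5 + 2x + 1 (d = 5, g = 2)
# Assumed irreducible moduli over F_3 (lowest degree first) defining F_{3^k}.
IRRED = {1: [0, 1], 2: [1, 0, 1], 3: [2, 2, 0, 1]}

def trim(a):
    """Drop leading zeros of a polynomial stored highest degree first."""
    while a and a[0] == 0:
        a = a[1:]
    return a

def is_squarefree(f):
    """gcd(f, f') = 1 over F_P, i.e. the discriminant of f does not vanish."""
    d = len(f) - 1
    a, b = f[:], trim([c * (d - i) % P for i, c in enumerate(f[:-1])])
    while b:
        inv = pow(b[0], -1, P)
        while len(a) >= len(b):                  # long division, a := a mod b
            c = a[0] * inv % P
            a = [(x - c * y) % P for x, y in zip(a, b + [0] * len(a))][1:]
        a, b = b, trim(a)
    return len(a) == 1

def mul(a, b, m):
    """Product in F_P[t]/(m); elements are tuples, lowest degree first."""
    k = len(m) - 1
    r = [0] * (2 * k - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            r[i + j] = (r[i + j] + x * y) % P
    for i in range(2 * k - 2, k - 1, -1):        # reduce with t^k = -(m - t^k)
        for j in range(k):
            r[i - k + j] = (r[i - k + j] - r[i] * m[j]) % P
    return tuple(r[:k])

def count_points(f, k):
    """Points over F_{P^k} on the smooth model of y^2 = f(x), deg f odd."""
    m, q, total = IRRED[k], P ** k, 1            # 1 = the point at infinity
    one = (1,) + (0,) * (k - 1)
    for x in product(range(P), repeat=k):
        v = (0,) * k
        for c in f:                              # Horner evaluation of f(x)
            v = mul(v, x, m)
            v = ((v[0] + c) % P,) + v[1:]
        if not any(v):
            total += 1                           # f(x) = 0: only y = 0
            continue
        r, e = one, (q - 1) // 2                 # Euler criterion in F_q
        while e:
            if e & 1:
                r = mul(r, v, m)
            v, e = mul(v, v, m), e >> 1
        total += 2 if r == one else 0
    return total

def zeta_numerator(n1, n2, q=P):
    """Genus 2: coefficients [1, -e1, e2, -q*e1, q^2] of L(T) from N_1, N_2."""
    s1, s2 = q + 1 - n1, q * q + 1 - n2          # power sums of Frobenius roots
    return [1, -s1, (s1 * s1 - s2) // 2, -q * s1, q * q]

def predict_n3(n1, n2, q=P):
    """N_3 via Newton's identity p3 = e1*p2 - e2*p1 + 3*e3."""
    s1, s2 = q + 1 - n1, q * q + 1 - n2
    e2 = (s1 * s1 - s2) // 2
    return q ** 3 + 1 - (s1 * s2 - e2 * s1 + 3 * q * s1)
```

Calling count_points(F, 1) and count_points(F, 2) and passing the results to predict_n3 gives the same value as the direct count count_points(F, 3).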

A random polynomial time algorithm in the genus 2 case has been given by Adleman 
and Huang [1] as part of their random polynomial time primality test. 

Let us also remark that the above, and all the algorithms presented here are of purely 
theoretical interest (if any) at the present time: not only because the algorithm of theorem 
A is impractical, but because the construction of the Jacobian in the desired form is 
impractical. As remarked earlier, this is generally avoided even in the elliptic curve case. 

As a further application we can give a uniform version of theorem C of [9]. For this, we
consider initially a family of projective plane curves, generically absolutely irreducible, of
a certain genus and degree. We allow a finite number of singularities. All these properties
will be preserved by specializations outside an appropriate discriminant. Such a family is
specified by a single form $H(X, Y, Z)$ in $\mathbf{Z}[a_1, \dots, a_m][X, Y, Z]$, with some other relations
on the $a_j$ given by a (prime) ideal A in $\mathbf{Z}[a_j]$.

Theorem H. Let H be a family of plane curves, with discriminant $\Delta$. There is a
deterministic polynomial time algorithm operating as follows. Taking as input a specialization
of the $a_j$ in an arbitrary finite field $\mathbf{F}_q$ such that the polynomials in A all vanish, but
not all those in $\Delta$, the algorithm counts the number of points on the curve $H(X, Y, Z) = 0$
in $\mathbf{P}^2(\mathbf{F}_q)$.

Proof. We show how to obtain a finite number of curve presentations from the planar
family. We begin by resolving the generic curve of the family. This gives a smooth projective
curve presentation, outside of a set of lower dimension determined by an appropriate
discriminant. After finding the constituent primes of the zero set of this discriminant, one
resolves the corresponding curves. In this way, one produces a finite number of curve
presentations that suffice to resolve every curve in the family. We can now apply theorem F.
The number of rational points will be the same except for a correction due to the singular
points. The correction is easily made in polynomial time, as it entails counting points in
a zero dimensional algebraic set with a fixed description (see [9]). □

One can state a similar theorem for families of affine plane curves. The extra accounting
for the points at infinity is easily accomplished in polynomial time.

We now make some concluding remarks. Apart from using simpler input data, Schoof 
is able to reduce the computations needed to calculations involving univariate polynomials 
(essentially by operating on the Kummer variety). The algorithm of theorem A does 
ideal-theoretic calculations with polynomials in many variables. In this sense our result 
might be paraphrased as the assertion that Schoof's idea of computing using the $\ell$-adic 
representations is strong enough to succeed without further assistance from simplifications 
in the ideal-theoretic computations. 

Nevertheless one would like to investigate such simplifications in the higher dimensional
cases, especially the genus or dimension 2 case that is the next simplest after elliptic
curves. Explicit equations for Jacobian varieties of hyperelliptic curves of genus two,
together with group laws (seemingly not in the comprehensive form we require) are now
available, due to Grant [5] (degree 5), and Cassels and Flynn [2], [4] (degree 6). These
provide a starting point.

Returning to theoretical questions, it is natural to pursue an algorithm of the type of 
theorem E applicable to a family containing all curves of a given genus. 

In order to avoid subtleties connected with the moduli space, it might be desirable
to work instead with a family that represents most isomorphism classes of curves, each a
roughly equal number of times. Thus we could (say) leave out hyperelliptic curves (g > 3),
and also allow curves with automorphisms to be under-represented. The object would be
a family of curves imitating the moduli space in a statistical sense: with respect to the
distribution of coefficients of Zeta functions over finite fields. A similar question arises for
Abelian varieties of a given dimension.

Note (April 2005). This paper was written in (March) 1991, and I have posted it "as 
was". At a later point I intend to revise it and update references. My thanks to Claus 
Diem for his suggestions. At the time the paper was written, I was affiliated with the 
Department of Mathematics of Columbia University (New York). 



References. 

[1] Adleman, L. M. and Huang, M.-D., Recognizing Primes in Random Polynomial
Time, Preprint, 1988.

[2] Cassels, J. W. S., Arithmetic of curves of Genus 2, Number Theory and Applications,
R. A. Mollin, editor, Kluwer 1989.

[3] Chow, W.-L., The Jacobian variety of an algebraic curve, American J. Math. 76
(1954), 453-476.

[4] Flynn, E. V., The Jacobian and Formal Group of a Curve of Genus 2 over an Arbitrary
Ground Field, Math. Proc. Camb. Phil. Soc. 107 (1990), 425-441.

[5] Grant, D., Formal Groups in Genus Two, J. Reine Angew. Math. 411 (1990), 96-121.

[6] Grothendieck, A., Technique de descente et théorèmes d'existence en géométrie
algébrique, IV, V, Séminaire Bourbaki, Exposés 221, 232 (1960-1962).

[7] Igusa, J.-I., Fibre Systems of Jacobian Varieties, American J. Math. 78 (1956), 171-199.

[8] Milne, J. S., Jacobian Varieties, in Arithmetic Geometry, Cornell and Silverman
editors, Springer Verlag, New York 1986.

[9] Pila, J., Frobenius Maps of Abelian Varieties and Finding Roots of Unity in Finite
Fields, Math. Comp. 55 (1990), 745-763.

[10] Schoof, R. J., Elliptic curves over finite fields and the computation of square roots
mod p, Math. of Comp. 44 (1985), 483-494.

[11] Seidenberg, A., Constructions in Algebra, Trans. Amer. Math. Soc. 197 (1974), 273-313.

[12] Silverman, J. H., The Arithmetic of Elliptic Curves, Springer Verlag, New York
1986.



Department of Mathematics and Statistics, McGill University, Montreal H3A 2K6 Canada 
pila@math.mcgill.ca 




